There is an old saying: “Keep your core business processes close.” There is clearly good reason for doing so. Only the company itself understands its core processes and values these appropriately.

But can we class IT security processes as core? That is a key question that needs answering to understand what to outsource and what to keep in-house.

There are various frameworks that cover IT security, its components and processes. The Cloud Security Alliance (CSA) has created a guidance document for organisations planning to adopt cloud computing, which is effectively a type of outsourcing. It contains various domains grouped into two areas: governance and operational.

The governance domains are those where outsourcing is not advised. However, within the CSA operational domains there are candidates for outsourcing such as: datacentre operations, application security, identity and access management, and virtualisation.

Another viewpoint is based on the Security Architecture Model, where traditional network and computer stacks (such as network, host, application, data) are surrounded by specialised security technology areas, namely identity and access management, cryptography, security event and incident management, and business continuity. All of the above are overseen by governance, risk and compliance (GRC). It can be argued that all of the technology security stack can be outsourced except GRC, which is one of the key processes in IT security.

Could you outsource firewall management (network security), vulnerability scanning or anti-malware (host security) or running a database firewall (data security)? Yes, you could, and frankly, I would prefer it as I have better leverage over my outsourcing partner than I have over my colleagues in IT.

Another reason to outsource these specialised areas is exactly that: they are rather specialised, and that means scarce resources, which may not be fully utilised in your company.

In summary, outsourcing of IT security is not for everyone. It is an option others are taking, so you can too, but equally you can keep it in-house if you want. However, there are elements of IT security that should not be outsourced.
